stitch

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The react-components and remotion skills utilize bash-wrapped curl commands to download design assets from external URLs provided in project metadata.
    • Evidence: react-components/scripts/fetch-stitch.sh and remotion/scripts/download-stitch-asset.sh execute curl -L using parameters passed directly from agent-retrieved tool outputs.
  • REMOTE_CODE_EXECUTION (LOW): The skill instructs the agent to perform dynamic package installation and run local servers for verification, which are standard for development but represent an execution surface.
    • Evidence: react-components/SKILL.md directs the agent to run npm install for validation tools, and stitch-loop/SKILL.md suggests running npx serve for visual auditing.
  • INDIRECT_PROMPT_INJECTION (LOW): The stitch-loop skill is designed as an autonomous agent that reads and writes its own next instructions in a 'baton' file, creating a surface for indirect injection if project files are modified by an external actor.
    • Evidence Chain (Category 8):
      • Ingestion points: next-prompt.md is parsed as the primary task source in stitch-loop/SKILL.md Step 1.
      • Boundary markers: Uses YAML frontmatter to separate metadata from the prompt body.
      • Capability inventory: Includes stitch:* screen generation, Write file access, and Bash execution.
      • Sanitization: No sanitization of the baton content is described; the agent is instructed to trust the file as 'Long-Term Memory'.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:32 PM